Upload
others
View
16
Download
1
Embed Size (px)
Citation preview
Virtual Private Network (VPN)
Sample_OneNote Page 1
Why Virtual Private Network (VPN)?
Sample_OneNote Page 2
The General Idea: Using "Proxy"
Sample_OneNote Page 3
Proxy at the Transport LayerSSH Tunneling
Sample_OneNote Page 4
Proxy at the IP LayerIP Tunneling
Sample_OneNote Page 5
IP Tunneling: IPSec Approach
Sample_OneNote Page 6
IP Tunneling: SSL/TLS Approach
Sample_OneNote Page 7
Review: Tunneling
Sample_OneNote Page 8
Virtual Networking Technologies
Sample_OneNote Page 9
The TUN/TAP Interface
Sample_OneNote Page 10
Packet Tunneling
Sample_OneNote Page 11
How VPN Works: Outgoing Traffic
Sample_OneNote Page 12
Creating TUN/TAP Interface
Creating a TUN Interface
Show the TUN Interface
Set the IP Address for the TUN Interface
Bring Up the TUN Interface
Sample_OneNote Page 13
Network Configuration
Sample_OneNote Page 14
Read from the TUN Interface (ping 192.168.60.5)
Read From the TUN Interface
Sample_OneNote Page 15
Create a Packet
Write to the TUN Interface
Write to the TUN interface
# cat icmp.bin >& 3
Sample_OneNote Page 16
Question: Network Setup
Question: Where should we run the following commands?
A: $ sudo route add -net 10.4.2.0/24 gw 192.168.60.5 eth19
B: $ sudo route add -net 10.4.2.0/24 tun0
C: $ sudo route add -net 192.168.60.0/24 tun0
Sample_OneNote Page 17
Testing VPN
Sample_OneNote Page 18
Case Study: SURA (Syracuse University VPN)
Sample_OneNote Page 19
SURA: Before Running VPN
Interfaces
Routing table (Windows: Route PRINT)
Sample_OneNote Page 20
SURA: After Running VPN
Interfaces
Routing table
Sample_OneNote Page 21
Question: Find the IP Addresses
What is my computer’s real IP address (i.e., the IP address of my WiFi card)?1.
What is the IP address of the VPN server? 2.What is the IP address of my TUN interface? 3.
SU's VPN is called SURA. If you run SURA on your computer, once you have logged in, a VPN tunnel will be established between your host machine and SU's network (128.230.0.0/16). After I run SURA, the routing table on my computer appears as in the picture below. Please answer the following questions.
Sample_OneNote Page 22
Lab Setup
Manually set up the IP address for the "Internal Network" adaptor on VPN Server
Sample_OneNote Page 23
Creating a VPN Tunnel using TUN/TAP
Sample_OneNote Page 24
Packet Flow
Sample_OneNote Page 25
Encrypting the Tunnel
Packet Flow
Sample_OneNote Page 26
Bypassing Firewalls: Another Popular Use of VPN
Internet
Sample_OneNote Page 27
A Related Lab: Bypassing Firewalls using VPN
Sample_OneNote Page 28